Thursday, January 12, 2006

Don't use Out of Office auto emails!

The recent attempt to steal £220 million from the Sumitomo Mitsui Japanese bank is another reminder of the potential devastating effects of cyber crime.

However it is not just high-tech criminals that are at work. Beware too of those who seek to take advantage of workers who use an ‘away from office’ automated generated e-mail response.

It is possible for criminals to discover an employee’s personal details and home address by researching the information contained in an ‘away from office’ e-mail against online directory databases such as www.192.com and www.bt.com. Those most vulnerable are those that may more easily be identified such as those with unusually spelt names that live in small towns and /or communities and high ranking members of staff such as directors.

Action to consider

§ Is it really necessary to generate an ‘away from the office’ e-mail? Where others are involved in a particular project, arrangements will be made within the office to cover your absence and so a simple telephone call to the relevant parties can avoid any communication breakdown.

§ Arrange for a supervisor or appropriate nominee to check your e-mails and where necessary delegate any action required. E-mails are really no different to postal mail. It is unlikely that letters will be left unopened on your desk. Employees and employers must then also consider what is considered ‘personal e-mail’ and how to deal with such.

ii) Provide an alternative contact within your organisation to deal with enquiries. This should be pre-agreed with an appropriate person who ought not to then disclose sensitive details to speculative callers.

iii) Have in place a suitable risk management procedure.

Do Not:

1. Do not state on any e-mail:

i) Dates of your absence and return date;

ii) Confirm that you are on holiday or out of the country;

iii) Alternative personal contact details;

iv) Your home address and telephone numbers;

v) Include another’s personal contact details.

2. Do not arrange for automated responses to be sent from your home computer or on personal accounts.

Remember that automated e-mails are effectively advertising who you are, what you do and the circumstances of your absence. Such information can easily be used by fraudsters and burglars to take advantage of your helpful nature.

Jason Lysandrides - Lawdit Solicitors

This article does not constitute legal advice and is for guidance purposes only.

[END QUOTE]

VASPERS: My wife Andrea mentioned to me that she saw it happen:

employees used the "Out of Office" automated email service, and those employees got flooded with spam in their inbox.